RISK COMMITTEE CHARTER

I. PURPOSE

The purpose of the Risk Committee (“Committee”) is to assist the (“Board”) of Origin Bancorp, Inc. (the “Company”) in fulfilling its responsibilities relating to the oversight of (a) the Company’s enterprise risk framework, (b) the Company’s risk appetite statement, including risk limits and tolerances, and (c) the performance of the Company’s Chief Risk Officer.

II. COMPOSITION

The Committee will be comprised of at least three directors, a majority of whom will be independent as that term is defined under NASDAQ Stock Market Rules (the “NASDAQ Rules”) and the Company’s independence guidelines.

The members of the Committee will be appointed by the Board on the recommendation of the Nominating and Committee and will serve at the pleasure of, and may be removed at any time by, the Board. Any vacancy on the Committee will be filled by the Board.

Unless a Chair is elected by the full Board, the members of the Committee will designate a Chair by the majority vote of the full Committee membership. The Chair will be responsible for the leadership of the Committee, including presiding over meetings and making regular reports to the Board.

The Committee will have the authority to delegate its responsibilities to a subcommittee or subcommittees as the Committee may deem appropriate, consistent with legal and regulatory requirements, in its sole discretion.

III. MEETINGS

The Committee will meet at least four times per year, with authority to convene additional meetings, as circumstances require. The Chair or any two other members of the Committee may call a meeting of the Committee upon due notice to each other member at least 48 hours prior to the meeting. Except as otherwise provided in this charter, the Committee will be governed by the same rules regarding meetings, actions without meetings, notice, waiver of notice, quorum and voting requirements as applicable to the Board under the Company’s bylaws. The Chair of the Committee will preside at each meeting of the Committee and in consultation with the other members of the Committee, will set the frequency and length of each meeting and the agenda of items to be addressed. The Committee may invite members of management and others to attend meetings and provide pertinent information, and, except as otherwise provided by the Chair, the and President, Chief Risk Officer, Deputy Chief Risk

1 50309.0002 83255v6

Officer, , Chief Accounting Officer, Company , and will generally attend all regularly scheduled quarterly meetings of the Committee. Minutes will be prepared, and the Committee will report to the Board the results of its meetings.

The Committee may receive information and participate in informal meetings and briefings with management, including the Chief Executive Officer and President, Chief Risk Officer, Deputy Chief Risk Officer, Chief Financial Officer, Chief Accounting Officer, Company General Counsel, Chief Compliance Officer or Chief Audit Executive, as necessary and appropriate between formal meetings of the Committee. Such briefings and informal meetings may be through the Chair or individual Committee members, as appropriate.

IV. DUTIES AND RESPONSIBILITIES

The Committee has the following specific duties and responsibilities, in addition to any other matters that may be delegated to the Committee from time to time by the full Board:

A. Oversight of Risk Management and Risk Tolerance

1. Oversee the Company’s enterprise risk management framework and risk appetite statement, including the ongoing alignment of the risk appetite statement with the Company’s strategy and capital plans.

2. Periodically review and evaluate the major risk exposures of the Company and its business units, including market, credit, operational, liquidity, legal, cybersecurity, technology and reputational risks, against established risk measurement methodologies and tolerances, as applicable.

3. Oversee the Company’s risk identification framework.

4. Receive reports from the Chief Risk Officer and the Chief Financial Officer at least quarterly (and other internal departments as necessary to fulfill the Committee’s duties and responsibilities).

5. Receive reports, as necessary and appropriate, from the Chief Audit Executive regarding the results of reviews and assessments of risk management functions.

6. Receive reports, as necessary and appropriate, from the Cyber Risk and Information Technology Committees of Origin Bank (the “Bank”) regarding reviews and assessments of cybersecurity and technology risks consistent with the NIST Cybersecurity Framework.

7. Receive reports, as necessary and appropriate, regarding significant new product risk, emerging risks and regulatory matters related to the Committee’s authority, duties and responsibilities as set forth in this charter.

2

8. Receive reports, as necessary and appropriate, regarding the Company’s and the Bank’s complaint management program, including any red flags and/or ethics violations.

9. Review and recommend for the Board’s approval annually, and more often as appropriate, the Company’s risk appetite statement and, as and when appropriate, the Company’s other significant risk management and risk assessment guidelines and policies.

10. Receive reports, as necessary and appropriate, from management regarding strategic transactions and investments reviewed.

11. Oversee the Company’s process and significant policies for determining risk tolerance and review management’s measurement and comparison of overall risk tolerance to established limits.

12. As appropriate, confirm risk tolerance levels and capital targets and limits as set forth in the risk appetite statement.

13. Regularly report to the Board on the adequacy and quality of the Company’s methods for identifying, measuring, monitoring, controlling and reporting risks.

14. Annually, or more often as required, review the Company’s insurance program and the policies in place to address insurable risks, including coverages, limits, risk retention, claims, loss histories, and related matters.

15. Review any disclosures within the reports or filings made by the Company with the Securities and Exchange Commission related to the matters within the scope of the Committee’s authority.

B. Oversight of Regulatory Matters

1. Oversee management’s compliance with all of the regulatory obligations of the Company and its subsidiaries arising under applicable federal and state banking laws, rules and regulations.

2. Review significant risk management regulatory reports and findings of regulators, as applicable to the scope of the Committee’s responsibilities, and review and monitor any remediation plans required as a result of such reports or findings.

3. Review and approve, on an annual basis, the Company’s internal annual compliance training schedule.

4. Periodically review the effect of regulatory initiatives on the operations of the Company and its subsidiaries.

5. Meet with regulators when deemed necessary or appropriate by the Board or the Committee, or when requested by regulators.

3

C. Oversight of the Chief Risk Officer and Risk Management Function

1. Review and approve the appointment and, as appropriate, replacement of the Chief Risk Officer, who will report directly to the Committee as well as to the Chief Executive Officer.

2. Review and evaluate annually the qualifications, performance and compensation of the Chief Risk Officer.

3. Review with the Chief Risk Officer the adequacy of staffing and resources of the risk management function.

D. Coordination with Management and Other Board Committees

1. Coordinate with management, including the Chief Risk Officer, and the Audit Committee (which coordination may be through the Committee Chair), to help ensure that the committees have received the information necessary to permit them to fulfill their duties and responsibilities with respect to oversight of risk management and risk assessment guidelines and policies.

2. Coordinate with the Chief Executive Officer and the Compensation Committee (which coordination may be through the Committee Chair) in relation to the compensation of the Chief Risk Officer and consideration of risk assessment and risk management matters as they relate to compensation, including ensuring compensation practices are consistent with the safety and soundness of the Company and do not encourage excessive risk taking.

V. ACCESS AND RESOURCES

The Committee may conduct or authorize investigations into or studies of matters within the Committee’s scope of responsibilities with full access to all books, records, facilities and personnel of the Company and its subsidiaries. The Committee will have all resources and authority appropriate to discharge its duties and responsibilities, including the authority to select, retain and approve the fees and other retention terms of special or independent counsel, accountants or other experts or advisors (each, an “Advisor”), as it deems appropriate to carry out its duties. The Company will provide funding, as determined by the Committee, for payment of fees to any Advisors retained by the Committee. The Committee will be directly responsible for the appointment, compensation and oversight of the work of any Advisor it retains. The Company will also provide appropriate funding for ordinary administrative expenses of the Committee that are necessary in carrying out the duties of the Committee.

Nothing contained in this Charter is intended to create, or should be construed as creating, any responsibility or liability of the members of the Committee, except to the extent otherwise provided under applicable laws and regulations.

4

VI. PERFORMANCE AND CHARTER REVIEW

The performance of the Committee will be evaluated through an annual self-assessment process overseen by the Nominating and Corporate Governance Committee. In coordination with the Committee Chair and the Chairman of the Board, the Nominating and Corporate Governance Committee will review the results of the self-evaluation and present the results and actionable items for discussion to the Committee. Also, the Committee will review and reassess the adequacy of this Charter annually and recommend any proposed changes to the Nominating and Corporate Governance Committee or the full Board for approval, as appropriate.

VII. LIMITATION OF THE COMMITTEE’S RESPONSIBILITIES

While the Committee has the authority, responsibilities and duties set forth in this Charter, its core function is oversight. It is not the duty of the Committee to develop, implement and maintain an effective risk appetite framework or enterprise risk management framework, which is the responsibility of management.

Each member of the Committee will be entitled to rely, to the fullest extent permitted by law, upon the integrity of those persons or organizations within and outside the Company from whom the member receives information, the accuracy and completeness of the other information provided to the Company by such persons or organizations, absent actual knowledge to the contrary, and representations made by management and the Company’s outside advisors.

5